Amazon Inspector

• Service: Security assessment service
• Principle: Automatically assesses applications on Amazon EC2 instances for exposure, vulnerabilities, and deviations from best practices.
• Key Feature: Produces a detailed list of security findings prioritized by severity.
• Use Cases: EC2 instance security assessments.
• Access: Findings are accessible via the Amazon Inspector console or API.
• Service Description: An automated security assessment service for applications deployed on Amazon EC2 instances. It assesses exposure, vulnerabilities, and deviations from best practices.

Amazon GuardDuty

• Service: Threat detection
• Principle: Monitors for malicious activity and unauthorized behavior across AWS accounts.
• Key Feature: Analyzes data from AWS CloudTrail, VPC Flow Logs, and DNS Logs.
• Use Cases: AWS account-level threat monitoring (not for EC2 instance management).
• Limitation: Cannot be used to check OS vulnerabilities.
• Service Description: A threat detection service monitoring malicious activity and unauthorized behavior to protect your AWS account.

Amazon Macie

• Service: Data Security and Privacy
• Principle: Utilizes machine learning to discover and protect sensitive data within AWS.
• Key Feature: Identifies and generates alerts for sensitive data, such as Personally Identifiable Information (PII).
• Use Cases: Ensures data security by detecting sensitive information. (Note: Not applicable for EC2 instance security assessments.)
• Limitation: Does not assess operating system vulnerabilities.
• Service Description: A data security and privacy service that leverages machine learning to identify and safeguard sensitive data within AWS environments.

AWS Shield

• Service: DDoS protection
• Principle: Provides always-on protection against Distributed Denial of Service attacks.
• Key Feature: Automatically mitigates DDoS attacks with minimal application downtime.
• Use Cases: General protection for AWS resources (not specific to EC2).
• Limitation: Cannot be used to check OS vulnerabilities.
• Service Description: Managed Distributed Denial of Service (DDoS) protection service.

AWS Direct Connect

• Service: Network connection service
• Principle: Establishes a dedicated network connection between your premises and AWS.
• Key Feature: Provides a private virtual interface to an Amazon VPC, ensuring a high-bandwidth connection that bypasses the public internet.
• Use Cases: Private network connection between on-premises data centers and AWS VPCs.
• Limitation: Takes at least a month to establish.
• Service Description: Establishes a dedicated network connection from your premises to AWS.

EC2 Dedicated Host

• Service: Dedicated physical server
• Principle: Enables use of eligible software licenses (e.g., Microsoft, Oracle) on Amazon EC2.
• Key Feature: Fully dedicated physical server for corporate compliance.
• Use Cases: Software licensing and corporate compliance.
• Comparison: Different from Dedicated Instances (which share hardware within the same AWS account).
• Service Description: Provides a physical server fully dedicated to your use, allowing the use of eligible software licenses.

Infrastructure as a Service (IaaS)

• Service: Cloud computing model
• Principle: Provides fundamental building blocks like networking, computing, and storage.
• Key Feature: Offers the highest flexibility and control over IT resources.
• Example: Amazon EC2.
• Comparison: Different from PaaS (focus on application deployment) and SaaS (complete products managed by the service provider).

Instance Store

• Service: Temporary Block-Level Storage
• Principle: Provides low-latency storage physically attached to the host computer.
• Key Features: Offers temporary, low-latency storage that does not persist after the instance terminates. This storage is included in the instance cost.
• Use Cases: Ideal for temporary storage requiring low latency.
• Comparison: Unlike EFS, EBS, and S3, this service does not provide persistent storage.
• Service Description: Temporary block-level storage for EC2 instances, offering fast, low-latency storage that is cleared when the instance is terminated.

Amazon Redshift

• Service: Data warehouse
• Principle: Fully managed, petabyte-scale cloud-based data warehouse for large data sets.
• Key Feature: Designed for large-scale data storage and analysis.
• Comparison: Different from Glue (ETL service), Storage Gateway (hybrid cloud storage), and Database Migration Service (for database migration).

AWS Budgets

• Service: Budget management
• Principle: Enables the creation of custom budgets with alerts for costs or usage that exceed defined thresholds.
• Key Features: Supports setting and monitoring reservation utilization or coverage targets across services like EC2, RDS, and Redshift, helping manage AWS spending.
• Use Cases: Ideal for monitoring and controlling AWS expenses.
• Comparison: Unlike the AWS Simple Monthly Calculator, which provides cost estimates, and Trusted Advisor, which offers best practice recommendations, AWS Budgets focuses on active budget management and alerts.
• Service Description: AWS Budgets allows you to set custom budgets and receive alerts when costs or usage exceed the specified limits.

Amazon SQS & SNS

• Services: Messaging services
• Principle: Decouples and scales microservices and distributed systems.
• Key Feature:
  • SQS: Message queuing service.
  • SNS: Pub/Sub messaging service.
• Use Cases: Decoupling components in microservices-based applications.
• Comparison: Different from EC2 (computing service), Lambda (serverless compute), and Step Function (workflow service).
• Key Features: Both can be used to decouple microservices and serverless applications.

AWS Regions & Availability Zones

• Concept: AWS Global Infrastructure
• Principle: Regions are composed of multiple Availability Zones (AZs), each containing one or more data centers.
• Key Features: AZs are isolated but interconnected through low-latency networks. Each Region includes two or more AZs, which consist of discrete data centers with redundant power, networking, and connectivity, ensuring high availability and fault tolerance.
• Use Cases: Ideal for achieving high availability and fault tolerance.
• Comparison: Unlike Edge Locations, which are used for content delivery, Regions and AZs focus on infrastructure redundancy and performance.
• Service Description: AWS organizes its infrastructure into Regions and Availability Zones (AZs) to provide robust and scalable cloud services.

AWS Professional Services & AWS Landing Zone

• Service: Consulting and infrastructure setup
• Principle: Accelerates infrastructure migration with expert assistance and automation.
• Key Feature: AWS Landing Zone automates secure, multi-account AWS environment setup.
• Use Cases: Infrastructure migration for startups.
• Comparison: Different from raising a support ticket or using Trusted Advisor.
• Service Description: AWS Professional Services helps customers achieve desired outcomes on AWS, and AWS Landing Zone accelerates the setup of secure, multi-account environments.

AWS CloudTrail

• Service Description: Enables governance, compliance, and auditing of AWS account activity.
• Key Features: Records AWS API calls and saves them in S3 for auditing. Used for account-level activity logging.

Cloud Computing Models

• Infrastructure as a Service (IaaS): Offers the most control over IT resources, exemplified by Amazon EC2.
• Platform as a Service (PaaS): Provides managed infrastructure for deploying and managing applications, exemplified by Elastic Beanstalk.
• Software as a Service (SaaS): Delivers a complete product managed by the provider, exemplified by AWS Rekognition.

Other Services

• AWS EMR (Elastic MapReduce): Cloud-based platform for processing and analyzing large datasets.
• AWS Trusted Advisor: Online tool providing real-time guidance to optimize AWS resources.

AWS Lambda

• Service: Serverless Compute
• Principle: Automatically runs code in response to events without provisioning or managing servers.
• Key Feature: Pay only for the compute time consumed.
• Use Cases: Real-time file processing, data transformation, microservice backends.
• Limitation: Not ideal for long-running tasks.

Amazon RDS

• Service: Managed Relational Database
• Principle: Simplifies setup, operation, and scaling of relational databases.
• Key Feature: Automated backups, patching, and scaling.
• Use Cases: Database management without worrying about infrastructure.
• Comparison: Different from DynamoDB (NoSQL database service).

Amazon S3

• Service: Object Storage
• Principle: Provides scalable storage for any type of data, with high availability and durability.
• Key Feature: Integrates with various AWS services for data analytics and machine learning.
• Use Cases: Backup, archiving, data lakes, and hosting static websites.
• Limitation: Not suitable for real-time data processing.

AWS Elastic Beanstalk

• Service: Platform as a Service (PaaS)
• Principle: Orchestrates resources like EC2, S3, and RDS for deploying and managing applications.
• Key Feature: Automatic scaling, load balancing, and monitoring.
• Use Cases: Rapid application deployment without managing infrastructure.
• Comparison: Different from Lambda (focus on event-driven functions).

Amazon CloudFront

• Service: Content Delivery Network (CDN)
• Principle: Delivers content with low latency through a global network of edge locations.
• Key Feature: Supports dynamic content delivery and integrates with S3, EC2, and Lambda.
• Use Cases: Website acceleration, video streaming, and API endpoint delivery.
• Limitation: Higher cost for infrequent content delivery.

AWS Identity and Access Management (IAM)

• Service: Access Control
• Principle: Manages access to AWS resources securely.
• Key Feature: Fine-grained permissions, MFA support, and role-based access control.
• Use Cases: Secure access management for users, groups, and services.
• Comparison: Different from AWS SSO (centralized user sign-on).

Amazon Route 53

• Service: Domain Name System (DNS) and Traffic Management
• Principle: Translates domain names into IP addresses, directing traffic to AWS resources.
• Key Feature: Offers DNS routing, health checks, and failover support.
• Use Cases: Domain registration, global traffic routing, and DNS-based load balancing.
• Limitation: Not a full replacement for network load balancers.

AWS CloudFormation

• Service: Infrastructure as Code (IaC)
• Principle: Automates the deployment and management of AWS resources using templates.
• Key Feature: Supports version control, rollback, and resource automation.
• Use Cases: Infrastructure automation, repeatable environment setup, and multi-account management.
• Comparison: Different from AWS OpsWorks (focus on Chef and Puppet automation).

Amazon VPC

• Service: Virtual Private Cloud
• Principle: Provides isolated network environments within AWS, with full control over networking.
• Key Feature: Supports subnets, route tables, and internet gateways.
• Use Cases: Secure network segmentation, hybrid cloud deployments, and VPN setups.
• Comparison: Different from Direct Connect (private connection to on-premises).

Amazon EBS

• Service: Block Storage
• Principle: Provides persistent block storage for EC2 instances.
• Key Feature: Scalable, high-performance storage that persists beyond instance termination.
• Use Cases: Databases, file systems, and boot volumes for EC2 instances.
• Limitation: Higher cost compared to S3 for long-term storage.

AWS Trusted Advisor

• Service: Resource Optimization Tool
• Principle: Provides real-time recommendations to optimize AWS resources across cost, performance, security, and fault tolerance.
• Key Feature: Identifies unused resources, underutilized instances, and security vulnerabilities.
• Use Cases: Cost optimization and best practices.
• Comparison: Different from AWS Budgets (focus on financial monitoring).